diff options
| author | adam <adam> | 2016-02-09 07:02:54 +0000 |
|---|---|---|
| committer | adam <adam> | 2016-02-09 07:02:54 +0000 |
| commit | 6b5ed6b8535e08fad71d38e46345c2484e340aff (patch) | |
| tree | 9c16d11ec441be98f7a4862a19164035d02f8a3d /audio | |
| parent | 31d66d51e51a6a0a3372be808559713231623d16 (diff) | |
| download | pkgsrc-6b5ed6b8535e08fad71d38e46345c2484e340aff.tar.gz | |
Changes 2.4.3:
Fixes CVE-2005-0837.
The vulnerability, identified as CVE-2005-0837, allows an attacker to acces the raw XSLT template file by appending a dot “.” to the URL. Due to the way how Windows handles file names ending with a dot, it only affects Icecast versions < 2.4.3 running on Windows. Icecast on other operating systems, like Linux, wasn’t affected at any time by this issue. If you haven’t modified the default XSLT files of a Windows installation, then no information disclosure of real value could have happened. We expect that most, of the comparatively few, Windows installations have unmodified template files and thus, while technically vulnerable, only expose those unmodified templates. To be clear, no runtime information can be accessed this way.
Diffstat (limited to 'audio')
| -rw-r--r-- | audio/icecast/Makefile | 24 | ||||
| -rw-r--r-- | audio/icecast/distinfo | 12 | ||||
| -rw-r--r-- | audio/icecast/patches/patch-ab | 6 |
3 files changed, 20 insertions, 22 deletions
diff --git a/audio/icecast/Makefile b/audio/icecast/Makefile index 308e00fc1d6..41704c4be7d 100644 --- a/audio/icecast/Makefile +++ b/audio/icecast/Makefile @@ -1,18 +1,16 @@ -# $NetBSD: Makefile,v 1.59 2015/05/12 07:49:16 kim Exp $ -# +# $NetBSD: Makefile,v 1.60 2016/02/09 07:02:54 adam Exp $ -DISTNAME= icecast-2.4.2 -#PKGREVISION= 0 -CATEGORIES= audio -MASTER_SITES= http://downloads.xiph.org/releases/icecast/ +DISTNAME= icecast-2.4.3 +CATEGORIES= audio +MASTER_SITES= http://downloads.xiph.org/releases/icecast/ -MAINTAINER= pkgsrc-users@NetBSD.org -HOMEPAGE= http://www.icecast.org/ -COMMENT= Live streaming audio server -LICENSE= gnu-gpl-v2 +MAINTAINER= pkgsrc-users@NetBSD.org +HOMEPAGE= http://www.icecast.org/ +COMMENT= Live streaming audio server +LICENSE= gnu-gpl-v2 -USE_PKGLOCALEDIR= yes USE_LIBTOOL= yes +USE_PKGLOCALEDIR= yes GNU_CONFIGURE= yes PTHREAD_AUTO_VARS= yes @@ -25,7 +23,7 @@ ICECAST_LOGDIR?= ${ICECAST_CHROOTDIR}/log ICECAST_USER?= icecast ICECAST_GROUP?= icecast -PKG_USERS_VARS+= ICECAST_USER +PKG_USERS_VARS= ICECAST_USER PKG_GROUPS_VARS+= ICECAST_GROUP PKG_GROUPS= ${ICECAST_GROUP} @@ -37,7 +35,7 @@ CONF_FILES= ${EGDIR}/icecast.xml ${PKG_SYSCONFDIR}/icecast.xml OWN_DIRS_PERMS= ${ICECAST_CHROOTDIR} ${ICECAST_USER} ${ICECAST_GROUP} 770 OWN_DIRS_PERMS+= ${ICECAST_LOGDIR} ${ICECAST_USER} ${ICECAST_GROUP} 770 -post-extract: +pre-configure: ${MV} ${WRKSRC}/conf/icecast.xml.in ${WRKSRC}/conf/icecast.fixme post-install: diff --git a/audio/icecast/distinfo b/audio/icecast/distinfo index 4190d70a833..e0d0987615d 100644 --- a/audio/icecast/distinfo +++ b/audio/icecast/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.21 2015/11/03 01:12:35 agc Exp $ +$NetBSD: distinfo,v 1.22 2016/02/09 07:02:54 adam Exp $ -SHA1 (icecast-2.4.2.tar.gz) = 57a092302ab8aa4993fa280f299c099d25e875a5 -RMD160 (icecast-2.4.2.tar.gz) = ecf6d75c722766782c8f61b9a206bb35f8dcfcff -SHA512 (icecast-2.4.2.tar.gz) = 6fc5a54b97f1efd63f0d3ea17fc7124cb30cfafae70615f5afdf878df9e3f57ca7882757a0691329d63ee4fc7555c695fefa415f2deb955d01244afc4528a260 -Size (icecast-2.4.2.tar.gz) = 2388381 bytes +SHA1 (icecast-2.4.3.tar.gz) = 230e2aa5abf80010c42d41cc7c0b078fb542b080 +RMD160 (icecast-2.4.3.tar.gz) = 57717c26258dd9f2a52f548bff1745e8ea9e608c +SHA512 (icecast-2.4.3.tar.gz) = 70e755ee935e738f2b7310333823992517747897692d101b67d73d5cd40d6385a20c25d089a0430806c116021e6e2055761efee9fec27cd9bccb2b58a2bfd446 +Size (icecast-2.4.3.tar.gz) = 2393358 bytes SHA1 (patch-aa) = d3f4891295143adc261b3bf076e924f4540c6030 -SHA1 (patch-ab) = f5607e7337399d356997c327f3bf89957f6e770e +SHA1 (patch-ab) = 4abb78f2067369600851abca71bb19049d8a41e8 SHA1 (patch-ac) = ce0a5474a88e5b768cd1c37ee0c934895a49093a diff --git a/audio/icecast/patches/patch-ab b/audio/icecast/patches/patch-ab index 2953cd194a4..1cbdd3657f2 100644 --- a/audio/icecast/patches/patch-ab +++ b/audio/icecast/patches/patch-ab @@ -1,10 +1,10 @@ -$NetBSD: patch-ab,v 1.10 2015/05/12 07:49:16 kim Exp $ +$NetBSD: patch-ab,v 1.11 2016/02/09 07:02:54 adam Exp $ Allow for paths, user and group to be set via pkgsrc Makefile. Decrease amount of logging a little bit by default. ---- conf/icecast.fixme.orig 2015-04-08 08:06:13.000000000 +0000 -+++ conf/icecast.fixme 2015-05-12 07:19:45.000000000 +0000 +--- conf/icecast.xml.in.orig 2015-04-08 08:06:13.000000000 +0000 ++++ conf/icecast.xml.in 2015-05-12 07:19:45.000000000 +0000 @@ -191,14 +191,14 @@ <paths> |